Tabs

Tuesday, August 30, 2016

Fewer Privacy Notices Required for Bank Insurance Licensees

Yesterday, the National Association of Insurance Commissioners (NAIC adopted a model bulletin to implement recent amendments to the Gramm-Leach-Bliley Act’s privacy provisions (the so-called “FAST Act,” which was enacted on December 4, 2015).
The FAST Act eliminates the requirement that financial institutions (including banks, insurance companies and insurance agencies, if applicable) provide annual privacy notices to their customers. Once a state adopts the NAIC’s model bulletin, insurance entities licensed in the state will no longer have to provide the annual privacy notices if they meet the following conditions:

the privacy notice does not provide the customer with an opportunity to “opt out” of the disclosure of nonpublic personal information (NPI) to nonaffiliated third parties; and

the insurance company or insurance agency (if applicable) has not revised its privacy notice with regard to disclosing NPI to a nonaffiliated third party since it issued its most recent privacy notice. The elimination of the requirement to provide an annual privacy notice would be available to an insurance company or an insurance agency that has a joint marketing agreement in place for the disclosure of customer NPI to a nonaffiliated bank.
Note that in most cases, this relief will not be relevant to an insurance agency, which often is able to rely on an insurance company’s provision of privacy notices, instead of having to provide its own privacy notice.

This action is consistent with the Consumer Financial Protection Bureau’s (CFPB) recent proposal to modify Regulation P (12 C.F.R. Part 1016), which implements the Gramm-Leach-Bliley Act’s privacy provisions with respect to financial institutions regulated by the Federal prudential regulators, such as banks.
Given this action, here’s where we currently stand on the requirement that a financial institution provide annual privacy notices (assuming is satisfies the two requirements set forth in the first paragraph):

Banks will no longer be required to provide annual privacy notices once the CFPB issues its final rule to amend Regulation P.

Insurance companies, and insurance agencies that provide privacy notices, will no longer be required to provide annual privacy notices to their customers once a state adopts the NAIC’s model bulletin, with an important caveat: Some states may need to amend their regulations to effect the change in the regulatory requirement (a bulletin may not suffice), so insurance licensees should check with the their state regulators to determine what is, and is not, permitted.

Financial institutions within a holding company that provide joint privacy notices (such as a bank that has a subsidiary insurance agency) will need to check both Regulation P and state insurance law before they stop jointly delivering annual privacy notices to customers of the various entities within the holding company.

If you have any question regarding this issue, please contact Sarah Ferman at sferman@aba.com.

Search

Archive

The content is provided for educational purposes only, with the understanding that neither the authors, contributors, licensees nor the publishers of this site are engaged in rendering legal, accounting or other expert or professional services. If legal or other expert assistance is required, the services of a competent professional should be sought.

All content appearing on the website is either owned by ABA as author or licensed from a third party. Licensed content from third parties appearing on this site do not necessarily reflect the views of the ABA. ABA makes no representations regarding the truth or accuracy of licensed content that may appear on this website. ABA respects the copyright and required disclosures of third parties providing licensed content. Therefore, please click here to access such disclosures.

The inclusion herein of any link to a website, does not denote any approval, sponsorship, or endorsement by the ABA, and ABA is not responsible for the content or opinions expressed on those linked websites. This content that appears on this website is strictly for ABA’s use and is not licensed to any third party websites. This website is not affiliated with any other third party site. Any reference to the author or this content on any third party site on the Internet is not authorized by the ABA.

It is the policy of the American Bankers Association to comply fully with all antitrust laws. Certain discussions should be considered off-limits, including those that contain competitively sensitive data such as price and cost information, or statements that could be construed as reflecting an attempt or desire to control or influence a particular market or markets. Future pricing or other prospective competitive information should never be shared.